The present invention relates to document management that performs access control, in which a document output as a retrieval result under a retrieval condition specified by a retriever, and/or a document to be displayed in the same way, is restricted or controlled in accordance with the authorized level of the retriever. Within these application fields, the present invention relates in particular to a document management method and a document management apparatus for supplying a large amount of document information, such as that of an electronic library system, to users via a wide area network such as the Internet or an intranet.
With the recent rapid development and popularization of the Internet, there is a trend toward supplying document information to users via a network. Particularly in a large-sized document information system such as an electronic library system, there is a need to provide a large volume of document information to users through a wide area network such as the Internet or an intranet.
In such a situation, the World Wide Web (WWW), which uses the Hyper-Text Transfer Protocol (HTTP) and can deliver document information to any place in the world, is increasingly employed in document management systems for various uses thanks to the development of high-performance retrieval functions.
Furthermore, as the amount of document information supplied to users increases, providing advanced services such as management of document information that includes secret information, or management of charging, requires an access control function in which the document retrieval results and the documents displayed for a user are restricted in accordance with the authorized access level of the user.
In the prior art, there has been adopted a method of implementing the access control operation in which when a user accesses a document management system, authentication of the user is carried out to conduct an access control operation for each database registered to the system.
That is, when accessing a database in this method, the user inputs a user name and a password to the document management system. The system then authenticates the user on the basis of the inputted user name and password. The system allows a successfully authenticated user to access the databases for which access authentication has already been established, thereby conducting the access control operation.
However, in the method above of accomplishing the access control operation for each database through the user authentication, there arises the following problem. Namely, it is difficult to carry out an access control operation in a plurality of levels corresponding to groups to which users belong. This problem becomes remarkable especially when the system includes a large-sized document database.
For example, in a case in which documents to be opened to users belonging to universities and public institutions are required to be discriminated from those to be opened to general users including private firms and companies, it is necessary to separately register these documents in the document management system.
Namely, when users having different authorized access levels are allowed to access a document, the document is required to be registered to a plurality of databases. This accordingly increases the quantity of necessary resources such as magnetic disks and memories, which results in a problem of increase in the cost of the document management system.
Additionally, processing steps such as data registration and backup become complex, and hence operation management and system maintenance deteriorate conspicuously. Furthermore, when an authorized access level is to be altered, the document databases must be registered to the system again, which is a drawback in expandability.
These problems related to the cost, operation management, maintenance, and expandability of the system appear as far more serious problems when the number of access control levels is increased, for example, in a case in which documents to be supplied to users are limited or restricted in accordance with a contract fee of each user in a document management system conducting management of charging operation.
In accordance with the present invention, there is provided a method of solving this problem in which for each document registered to the document management system, users allowed to access the document are registered as attribute information for each group to which the users belong.
In this method, however, when a user conducts a retrieval operation in the document management system, it is necessary to refer to the attribute information for all documents retrieved as a result of the retrieval operation to determine whether or not the user belongs to a group of users allowed to access the document. Consequently, there arises a problem of elongation in the retrieval time.
Moreover, in accordance with the present invention, there is specifically provided the following configuration. Thanks to the configuration, there can be implemented document management developing a remarkable advantage in the cost, operation management, maintenance, and expandability of the system for a large volume of document information of an electronic library system and the like in which the access control operation can be conducted in accordance with groups to which users belong.
The present invention provides the following configuration.
The configuration includes a text registration step of registering, at registration of a document, a registration document as text data; a data creation and registration step for data retrieval of creating retrieval data for the text data registered in the text registration step and registering the created data; and an access control table creation and registration step of assigning to the document completely registered through the text registration step and the data creation and registration step for data retrieval bit information corresponding to a user group beforehand registered and thereby creating and registering an access control table including information indicating whether or not a user belonging to the group is allowed to access the document.
In addition, there is included an access control table created by assigning bit information corresponding to a beforehand registered user group to a registered document, the table including information indicating whether or not a user belonging to the group is allowed to access the document; a document retrieval step of retrieving, in a retrieval operation of a document, the document by referring to retrieval data beforehand registered; an accessible document list creation step of extracting from the access table document lists including entries thereof associated with a user group to which a retriever of the document belongs, conducting a conjunction operation between the document lists, thereby creating an accessible document list including a list of documents which can be accessed by the retriever; and an access control step of accomplishing a disjunction operation between a document retrieval result obtained through the document retrieval step and the accessible documents created through the accessible list creation step and thereby conducting document access control processing for the retriever in association with the document retrieval result.
In this connection, the document retrieval step and the accessible document list creation step may be executed in an arbitrary order with respect to time. That is, these steps may be concurrently executed. In such a case, the steps may be overlapped with each other. Furthermore, it may also be possible to first execute any one thereof.
Additionally, the document management method may include a user management table indicating a correspondence between each retriever and the user group assigned to the retriever and a step of conducting a retrieval operation through the user management table in response to a specification from a retriever and extracting user groups to which the retriever belongs.
Moreover, there is provided a configuration which includes text registration means for registering, at registration of a document, a registration document as text data; data creating and registering means for data retrieval of creating retrieval data for the text data registered in the text registration step and registering the created data, and access control table creating and registering means for assigning to the document completely registered through the text registration step and the data creation and registration step for data retrieval bit information corresponding to a user group beforehand registered and thereby creating and registering an access control table including information indicating whether or not a user belonging to the group is allowed to access the document.
Incidentally, the configuration may be implemented as a document information processing apparatus capable of retrieving document information in response to an input from a user. The apparatus includes an access control table created by assigning bit information corresponding to a beforehand registered user group to a registered document, the table including information indicating whether or not a user belonging to the group is allowed to access the document, document retrieving means for retrieving, in a retrieval operation of a document, the document by referring to retrieval data beforehand registered, accessible document list creating means for creating from the access table an accessible document list including lists of documents which can be accessed by the retriever, wherein documents which are obtained as a result of the retrieval by the document retrieving means and which are associated with the accessible document list are allowed to be accessed by the retriever. In other words, at least one of the document retrieving means, the accessible document list creating means, and the access control table may be disposed in a device other than the document information processing apparatus.
Moreover, the configuration includes an access control table generated by assigning bit information corresponding to a beforehand registered user group to a registered document, the table including information indicating whether or not a user belonging to the group is allowed to access the document, document retrieving means for retrieving, in a retrieval operation of a document, the document by referring to retrieval data beforehand registered, accessible document list creating means for extracting from the access control table document lists including entries thereof associated with a user group to which a retriever of the document belongs, conducting a conjunction operation between the document lists, thereby creating an accessible document list which is a list of documents which can be accessed by the retriever, and access control means for accomplishing a disjunction operation between a document retrieval result obtained through the document retrieval step and the accessible documents created through the accessible list creation step and thereby conducting document access control processing for the retriever in association with the document retrieval result.
The configuration may further include a user management table indicating a correspondence between each retriever and the user group assigned to the retriever and means for conducting a retrieval operation through the user management table in response to a specification from a retriever and extracting user groups to which the retriever belongs.
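The registration and retrieval flow described above, sketched as an added example (not code from the patent): each registered group holds one bit list over document ids, the retriever's lists are combined into an accessible document list, and a retrieval hit is returned only if it is also in that list. The class, method and group names and the sample documents are constructed, and the example assumes that membership in any one permitted group is enough to access a document.

```python
class AccessControlledIndex:
    """Documents are stored once; access is one bit per (group, document)."""

    def __init__(self, groups):
        self.acl = {g: 0 for g in groups}  # access control table: group -> bit list
        self.postings = {}                 # retrieval data: word -> bit list of doc ids
        self.user_groups = {}              # user management table: user -> groups
        self.count = 0

    def register(self, text, allowed_groups):
        unknown = set(allowed_groups) - set(self.acl)
        if unknown:
            raise KeyError(f"unregistered groups: {sorted(unknown)}")
        doc_id, self.count = self.count, self.count + 1
        for word in set(text.lower().split()):
            self.postings[word] = self.postings.get(word, 0) | (1 << doc_id)
        for group in allowed_groups:
            self.acl[group] |= 1 << doc_id
        return doc_id

    def set_access(self, doc_id, group, allowed):
        # Changing a level flips one bit; nothing is re-registered.
        if allowed:
            self.acl[group] |= 1 << doc_id
        else:
            self.acl[group] &= ~(1 << doc_id)

    def accessible(self, user):
        # Assumption: membership in any one permitted group suffices.
        bits = 0
        for group in self.user_groups.get(user, ()):
            bits |= self.acl.get(group, 0)
        return bits  # unknown users and users without groups get an empty list

    def search(self, user, word):
        hits = self.postings.get(word.lower(), 0)
        permitted = hits & self.accessible(user)  # hits outside the list are dropped
        return [i for i in range(self.count) if (permitted >> i) & 1]


def build_demo():
    # Constructed sample: two groups, three documents, three users.
    idx = AccessControlledIndex(["academic", "general"])
    idx.register("Survey of retrieval methods", ["academic", "general"])  # doc 0
    idx.register("Internal retrieval benchmark data", ["academic"])       # doc 1
    idx.register("Library opening hours", ["general"])                    # doc 2
    idx.user_groups = {"alice": ["academic"], "bob": ["general"], "eve": []}
    return idx
```

Because the accessible list is built once per query from a handful of bit lists, the per-document attribute lookup that lengthens retrieval time is avoided, and a user with no group assignment fails closed.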